README
¶
vmesh
Introduction
VMesh is a decentralized Layer 3 mesh router and protocol designed for open network interconnection.
It securely handles everything you'll need to interconnect your globally distributed nodes or peer with other networks: packet routing, route announcement, authentication, distributed configuration management, prefix filtering, and more.
VMesh supports only IPv6 in the routed network.
Getting started
Knowledge of routing protocols such as BGP would help a lot in understanding how VMesh works.
Take a look at config.example.json and scripts/ to get an idea about the detailed usage.
Usually you need a globally routable IPv6 block to make full use of VMesh, but you can also request IPv6 prefix allocation and transit from an existing VMesh network through peering. (See Peering, Interconnect with AS209291)
Detailed documentation is still TBD.
Peering
Specify "external_peer_certs": ["/path/to/your/peers/cert.crt"] in your config.json to
allow interconnection with a node with a certificate outside your PKI tree. It's advised to
prefix-filter announcements from external peers - see the "Distributed config" section for
how to do that.
Distributed config
Use the vnconfigsign tool to sign your distributed configuration in JSON format and produce a
.bin. Then start any one node with the -initial-dc your_signed_config.bin option to sync
the configuration with the rest of your network. As long as any single node on your network
is alive with a latest version of the distributed configuration, all directly/indirectly
connected nodes will eventually be in sync.
The JSON format distributed config should look like:
{
"prefix_whitelist": {
"a.vnet.example.com": [
"2001:db8:1000::/48,max_prefix_len=64",
"64:ff9b::/96,max_prefix_len=96"
],
"b.vnet.example.com": [
"2001:db8:2000::/48"
]
}
}
Interconnect with AS209291
VMesh is deployed on my network (AS209291) and is handling most internal traffic among nodes in the globally distributed network.
Email me at me@connected.direct if you want to peer.
Documentation
¶
Index ¶
- Constants
- Variables
- func AbsDiffUint64(left, right uint64) uint64
- type BackingService
- type DistributedConfig
- type DistributedConfigState
- type DummyVif
- type LatencyMeasurementResult
- type LatencyMeasurementState
- type LikeRoutingTable
- func (r *LikeRoutingTable) Delete(prefix [16]byte, prefixLen uint8)
- func (r *LikeRoutingTable) Insert(prefix [16]byte, prefixLen uint8, value interface{}) error
- func (r *LikeRoutingTable) InsertCIDR(repr string, value interface{}) error
- func (r *LikeRoutingTable) Lookup(prefix [16]byte, prefixLen uint8, ...) error
- func (r *LikeRoutingTable) Range(callback func([16]byte, uint8, interface{}) bool)
- type LocalAnnouncement
- type MessageStream
- type MessageTag
- type Node
- func (n *Node) BuildPrintableRoutingTable() string
- func (n *Node) Connect(peer PeerConfig, persist bool) error
- func (n *Node) ConnectToAllPeers()
- func (n *Node) DispatchIPPacket(payload []byte) error
- func (n *Node) GetRouteForAddress(_addr net.IP) (retRouteInfo RouteInfo, retPeer *Peer, retErr error)
- func (n *Node) PersistingConnect(peer PeerConfig, oldError error)
- func (n *Node) ProcessMessageStream(stream MessageStream, peerConfig *PeerConfig) error
- func (n *Node) Run() error
- func (n *Node) UpdateDistributedConfig(dc *protocol.DistributedConfig) error
- type NodeConfig
- type Peer
- type PeerCertCollection
- type PeerConfig
- type PeerID
- type PeerServer
- type PrefixWhitelistEntryProps
- type RouteInfo
- type Tun
- type UDPChannel
- type Vif
- type VifConfig
Constants ¶
const LatencySampleSize = 10
const RetryDelay = 10 * time.Second
const RouteTimeout = 1 * time.Minute
Variables ¶
var EnableDebug bool = false
Functions ¶
func AbsDiffUint64 ¶
Types ¶
type BackingService ¶
type BackingService struct {
// contains filtered or unexported fields
}
func NewBackingService ¶
func NewBackingService(name string, network, address string) (*BackingService, error)
func (*BackingService) GetName ¶
func (s *BackingService) GetName() string
type DistributedConfig ¶
type DistributedConfigState ¶
type DistributedConfigState struct {
sync.Mutex
Config *DistributedConfig
RawConfig *protocol.DistributedConfig
PrefixWhitelistTable map[string]*LikeRoutingTable // typeof value = PrefixWhitelistEntryProps
// contains filtered or unexported fields
}
func (*DistributedConfigState) PrefixIsWhitelisted ¶
func (s *DistributedConfigState) PrefixIsWhitelisted(name string, prefix [16]byte, prefixLen uint8) bool
type LatencyMeasurementResult ¶
type LatencyMeasurementResult struct {
// contains filtered or unexported fields
}
type LatencyMeasurementState ¶
type LikeRoutingTable ¶
type LikeRoutingTable struct {
Routes [129]sync.Map // prefix_len -> (IPV6 Address ([16]byte) -> interface{})
}
func (*LikeRoutingTable) Delete ¶
func (r *LikeRoutingTable) Delete(prefix [16]byte, prefixLen uint8)
func (*LikeRoutingTable) Insert ¶
func (r *LikeRoutingTable) Insert(prefix [16]byte, prefixLen uint8, value interface{}) error
func (*LikeRoutingTable) InsertCIDR ¶
func (r *LikeRoutingTable) InsertCIDR(repr string, value interface{}) error
type LocalAnnouncement ¶
type MessageStream ¶
type MessageTag ¶
type MessageTag uint32
const ( MessageTag_Invalid MessageTag = iota MessageTag_IP MessageTag_Announce MessageTag_Ping MessageTag_Pong MessageTag_UpdateDistributedConfig MessageTag_ChannelRequest MessageTag_ChannelResponse )
type Node ¶
type Node struct {
Config *NodeConfig
CAPool *x509.CertPool // Internal CA
CA *x509.Certificate
PeerCerts PeerCertCollection // External Peers' certificates
FullCert tls.Certificate
LocalID PeerID
Domain string
// Values of the `Peers` map can be temporarily nil to indicate a peer is being initialized.
Peers sync.Map // PeerID -> *Peer
RoutingTable LikeRoutingTable
Vifs map[string]Vif
DCState DistributedConfigState
UDPChannelAddr *net.UDPAddr
UDPChannelListener net.PacketConn
}
func NewNode ¶
func NewNode(config *NodeConfig) (*Node, error)
func (*Node) BuildPrintableRoutingTable ¶
func (*Node) ConnectToAllPeers ¶
func (n *Node) ConnectToAllPeers()
func (*Node) DispatchIPPacket ¶
func (*Node) GetRouteForAddress ¶
func (*Node) PersistingConnect ¶
func (n *Node) PersistingConnect(peer PeerConfig, oldError error)
func (*Node) ProcessMessageStream ¶
func (n *Node) ProcessMessageStream(stream MessageStream, peerConfig *PeerConfig) error
func (*Node) UpdateDistributedConfig ¶
func (n *Node) UpdateDistributedConfig(dc *protocol.DistributedConfig) error
type NodeConfig ¶
type NodeConfig struct {
ListenAddr string `json:"listen_addr"`
CAPath string `json:"ca"`
ExternalPeerCertPaths []string `json:"external_peer_certs"`
CertPath string `json:"cert"`
PrivateKeyPath string `json:"private_key"`
ServerName string `json:"server_name"`
LocalAnnouncements []LocalAnnouncement `json:"local_announcements"`
Peers []PeerConfig `json:"peers"`
Vifs map[string]VifConfig `json:"vifs"`
}
type Peer ¶
type Peer struct {
Node *Node
LocalCert *x509.Certificate
LocalID PeerID
RemoteCert *x509.Certificate
RemoteID PeerID
RemoteName string
Out chan<- *protocol.Message
// contains filtered or unexported fields
}
func (*Peer) GetLatencyMs ¶
func (*Peer) PushLatencyLog ¶
type PeerCertCollection ¶
type PeerCertCollection struct {
Certs map[PeerID]*x509.Certificate
}
type PeerConfig ¶
type PeerServer ¶
type PeerServer struct {
protocol.UnimplementedVnetPeerServer
// contains filtered or unexported fields
}
func (*PeerServer) Input ¶
func (p *PeerServer) Input(server protocol.VnetPeer_InputServer) error
type PrefixWhitelistEntryProps ¶
type PrefixWhitelistEntryProps struct {
MaxPrefixLen uint8
}
func ParsePrefixWhitelistEntry ¶
func ParsePrefixWhitelistEntry(entry string) (string, PrefixWhitelistEntryProps)
type UDPChannel ¶
type UDPChannel struct {
// contains filtered or unexported fields
}
Source Files
Directories